Lucene search

[email protected]CVE-2006-0880

HistoryFeb 24, 2006 - 11:02 a.m.

CVE-2006-0880

2006-02-2411:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

0880

xss

vulnerabilities

noah's classifieds 1.3

web script

html

remote attackers

index.php

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah’s Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and (3) lowerTemplate parameters.

CPENameOperatorVersion
phpoutsourcing:noahs_classifiedsphpoutsourcing noahs classifiedseq1.3
phpoutsourcing:noahs_classifiedsphpoutsourcing noahs classifiedseq1.2

CPE	Name	Operator	Version
phpoutsourcing:noahs_classifieds	phpoutsourcing noahs classifieds	eq	1.3
phpoutsourcing:noahs_classifieds	phpoutsourcing noahs classifieds	eq	1.2

References

securitytracker.com/id?1015667

www.kapda.ir/advisory-268.html

www.securityfocus.com/archive/1/425783/100/0/threaded

www.securityfocus.com/bid/16772

www.vupen.com/english/advisories/2006/0703

exchange.xforce.ibmcloud.com/vulnerabilities/24895

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.6%

JSON

Related for CVE-2006-0880

prion1 nessus1